On 04/12/2011 07:03 PM, Tom Eastep wrote:
> On 04/12/2011 07:56 AM, [email protected] wrote:
>> Sure I'm missing something.
>> I'm using Shorewall 4.0.6 on a Debian Etch server with kernel 2.6.24.
>
> A museum piece! :-)
>

Yes! It is! :) But it has worked so well so far... It's a pity to dismiss it :)

>> The server is running asterisk 1.6 with a few IP Phones registered to the
>> asterisk, on the internal interface eth0. The server has indeed a public
>> interface eth1 used by asterisk to connect to external SIP providers.
>> Now, I simply can't prevent an external IP Phone from registering on my
>> asterisk on interface eth1.
>> I tried to stop the UDP traffic with this rule (rules file):
>>
>> DROP net:XX.XX.XX.XX fw udp 1024:65535
>>
>> Where XX.XX.XX.XX is the public IP address of the IP Phone. How could it be?
>
> So long as there is traffic on the 'connection', that rule won't stop
> it. It will only stop *new* connections from being made. You need the
> same rule in the ESTABLISHED section of the rules file in order to stop
> traffic entirely.
>
> -Tom

That was the problem. I was making a mistake, because it seems that even if I drop all the connections on asterisk, stopping the daemon, the IP phone was able to register once it was started again. But the SECTION ESTABLISHED really matches my traffic.
Thanks!!!

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
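
The fix described in this thread, laid out as a rules file with the original rule beside the corrected placement. This is an added example, not part of the original messages; the path /etc/shorewall/rules and the column header are assumed from a standard Shorewall install, while the zone names and the XX.XX.XX.XX placeholder come from the thread.

```conf
# /etc/shorewall/rules  (constructed example)
#
#ACTION  SOURCE           DEST  PROTO  DEST PORT(S)

# Before: the rule exists only in the NEW section. Rules placed before any
# SECTION line also belong to NEW. Packets that connection tracking already
# associates with an existing flow are accepted earlier and never reach it,
# so a phone that keeps sending traffic keeps its 'connection' alive.
#
#   SECTION NEW
#   DROP     net:XX.XX.XX.XX  fw    udp    1024:65535

# After: the same rule in both sections. Sections must appear in the order
# ESTABLISHED, RELATED, NEW; a section with no rules can be left out.
# Caveat: with FASTACCEPT=Yes in shorewall.conf the ESTABLISHED and RELATED
# sections must be empty, so this layout needs FASTACCEPT=No.

SECTION ESTABLISHED
DROP     net:XX.XX.XX.XX  fw    udp    1024:65535

SECTION NEW
DROP     net:XX.XX.XX.XX  fw    udp    1024:65535
```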
